<?php

require_once("header.php");
require_once("scripts/get_lib.php");
require_once("libs/item_lib.php");
valid_login($action_permission['read']);

//#############################################################################
// BROWSE AUCTIONS
//#############################################################################
function browse_auctions(&$sqlr, &$sqlc)
{
	global $lang_auctionhouse, $lang_global, $lang_item, $output, $characters_db, $world_db, $realm_id, $itemperpage, $item_datasite, $server, $user_lvl, $user_id;
	wowhead_tt();

	$red = "\"#DD5047\"";
	$blue = "\"#0097CD\"";
	$sidecolor = array(1 => $blue,2 => $red,3 => $blue,4 => $blue,5 => $red,6 => $red,7 => $blue,8 => $red,10 => $red);
	$hiddencols = array(1,8,9,10);

//$sqlc = new SQL;
//$sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);

//==========================$_GET and SECURE=================================
$start = (isset($_GET['start'])) ? $sqlc->quote_smart($_GET['start']) : 0;
if (is_numeric($start)); else $start=0;

$order_by = (isset($_GET['order_by'])) ? $sqlc->quote_smart($_GET['order_by']) : "time";
if (!preg_match("/^[_[:lower:]]{1,15}$/", $order_by)) $order_by="time";

$dir = (isset($_GET['dir'])) ? $sqlc->quote_smart($_GET['dir']) : 1;
if (!preg_match("/^[01]{1}$/", $dir)) $dir=1;

$order_dir = ($dir) ? "ASC" : "DESC";
$dir = ($dir) ? 0 : 1;
//==========================$_GET and SECURE end=============================

if( !$user_lvl && !$server[$realm_id]['both_factions'])
{
	$result = $sqlc->query("SELECT race FROM `characters` WHERE account = $user_id AND totaltime = (SELECT MAX(totaltime) FROM `characters` WHERE account = $user_id) LIMIT 1");
	
	if ($sqlc->num_rows($result))
	{
		$order_side = (in_array($sqlc->result($result, 0, 'race'),array(2,5,6,8,10))) ? " AND `characters`.`race` IN (2,5,6,8,10) " : " AND `characters`.`race` IN (1,3,4,7,11) ";
	}
	else
		$order_side = "";
}
else 
$order_side = "";

//==========================Browse/Search CHECK==============================
$search_by = '';
$search_value = '';
$search_filter = '';
$search_class = -1;
$search_quality = -1;

if((isset($_GET['search_value']) && isset($_GET['search_by'])) || (isset($_GET['search_class'])) || (isset($_GET['search_quality'])) )
{
	$search_value = $sqlc->quote_smart($_GET['search_value']);
	$search_by = $sqlc->quote_smart($_GET['search_by']);
	$search_class = $sqlc->quote_smart($_GET['search_class']);
	$search_quality = $sqlc->quote_smart($_GET['search_quality']);

	switch ($search_by)
	{
		case "item_name":
			if(( ($search_class >= 0) || ($search_quality >= 0)) && (!isset($search_value) ))
			{
				if ($search_class >= 0) $search_filter = "AND item_template.class = '$search_class'";
				if ($search_quality >= 0) $search_filter = "AND item_template.Quality = '$search_quality'";
			}
			else
			{
				$item_prefix = "";
				if ($search_class >= 0) $item_prefix .= "AND item_template.class = '$search_class' ";
				if ($search_quality >= 0) $item_prefix .= "AND item_template.Quality = '$search_quality' ";
				$result = $sqlc->query("SELECT entry FROM `".$world_db[$realm_id]['name']."`.`item_template` WHERE name LIKE '%$search_value%' $item_prefix");
				$search_filter = "AND auction.item_template IN(0";
				while ($item = $sqlc->fetch_row($result))
				$search_filter .= ", $item[0]";
				$search_filter .= ")";
			}
			break;
		case "item_id":
			$search_filter = "AND auction.item_template = '$search_value'";
			break;
		case "seller_name":
			if(( ($search_class >= 0) || ($search_quality >= 0)) && (!isset($search_value) ))
			{
				if ($search_class >= 0) $search_filter = "AND item_template.class = '$search_class'";
				if ($search_quality >= 0) $search_filter = "AND item_template.Quality = '$search_quality'";
			}
			else
			{
				$item_prefix = "";
				if ($search_class >= 0) $item_prefix .= "AND item_template.class = '$search_class' ";
				if ($search_quality >= 0) $item_prefix .= "AND item_template.Quality = '$search_quality' ";
				$result = $sqlc->query("SELECT guid FROM `characters` WHERE name LIKE '%$search_value%'");
				$search_filter = $item_prefix;
				$search_filter .= "AND auction.itemowner IN(0";
				while ($char = $sqlc->fetch_row($result))
				$search_filter .= ", $char[0]";
				$search_filter .= ")";
				$search_filter .= $item_prefix;
			}
			break;
		case "buyer_name":
			if(( ($search_class >= 0) || ($search_quality >= 0)) && (!isset($search_value) ))
			{
				if ($search_class >= 0) $search_filter = "AND item_template.class = '$search_class'";
				if ($search_quality >= 0) $search_filter = "AND item_template.Quality = '$search_quality'";
			}
			else
			{
				$item_prefix = "";
				if ($search_class >= 0) $item_prefix .= "AND item_template.class = '$search_class' ";
				if ($search_quality >= 0) $item_prefix .= "AND item_template.Quality = '$search_quality' ";
				$result = $sqlc->query("SELECT guid FROM `characters` WHERE name LIKE '%$search_value%'");
				$search_filter = $item_prefix;
				$search_filter .= "AND auction.buyguid IN(-1";
				while ($char = $sqlc->fetch_row($result))
				$search_filter .= ", $char[0]";
				$search_filter .= ")";
			}
			break;
		default:
			redirect("ahstats.php?error=1");
	}
	$query_1 = $sqlc->query("SELECT count(*) FROM `".$characters_db[$realm_id]['name']."`.`characters` , `".$characters_db[$realm_id]['name']."`.`item_instance` , `".$world_db[$realm_id]['name']."`.`item_template` , `".$characters_db[$realm_id]['name']."`.`auction` LEFT JOIN `".$characters_db[$realm_id]['name']."`.`characters` c2 ON `c2`.`guid`=`auction`.`buyguid` WHERE `auction`.`itemowner`=`characters`.`guid` AND `auction`.`item_template`=`item_template`.`entry` AND `auction`.`itemguid`=`item_instance`.`guid` $search_filter $order_side");
}
else
{
	$query_1 = $sqlc->query("SELECT count(*) FROM auction");
}

$result = $sqlc->query("SELECT `characters`.`name` AS `seller`, `auction`.`item_template` AS `itemid`, `item_template`.`name` AS `itemname`, `auction`.`buyoutprice` AS `buyout`, `auction`.`time`-unix_timestamp(), `c2`.`name` AS `encherisseur`, `auction`.`lastbid`, `auction`.`startbid`, SUBSTRING_INDEX(SUBSTRING_INDEX(`item_instance`.`data`, ' ',15), ' ',-1) AS qty, `characters`.`race` AS seller_race, `c2`.`race` AS buyer_race FROM `".$characters_db[$realm_id]['name']."`.`characters` , `".$characters_db[$realm_id]['name']."`.`item_instance` , `".$world_db[$realm_id]['name']."`.`item_template` , `".$characters_db[$realm_id]['name']."`.`auction` LEFT JOIN `".$characters_db[$realm_id]['name']."`.`characters` c2 ON `c2`.`guid`=`auction`.`buyguid` WHERE `auction`.`itemowner`=`characters`.`guid` AND `auction`.`item_template`=`item_template`.`entry` AND `auction`.`itemguid`=`item_instance`.`guid` $search_filter $order_side ORDER BY `auction`.`$order_by` $order_dir LIMIT $start, $itemperpage");
$all_record = $sqlc->result($query_1,0);

//=====================top tage navigaion starts here========================
$output .="
	<center>
		<table class=\"top_hidden\">
			<tr>
				<td width=\"80%\">
					<form action=\"ahstats.php\" method=\"get\" name=\"form\">
					<input type=\"hidden\" name=\"error\" value=\"2\" />
						<table class=\"hidden\">
							<tr>
								<td>
									<input type=\"text\" size=\"24\" name=\"search_value\" value=\"$search_value\" />
								</td>
								<td>
									<select name=\"search_by\">
										<option".($search_by == 'item_name' ? " selected=\"selected\"" : "")." value=\"item_name\">{$lang_auctionhouse['item_name']}</option>
										<option".($search_by == 'item_id' ? " selected=\"selected\"" : "")." value=\"item_id\">{$lang_auctionhouse['item_id']}</option>
										<option".($search_by == 'seller_name' ? " selected=\"selected\"" : "")." value=\"seller_name\">{$lang_auctionhouse['seller_name']}</option>
										<option".($search_by == 'buyer_name' ? " selected=\"selected\"" : "")." value=\"buyer_name\">{$lang_auctionhouse['buyer_name']}</option>
									</select>
								</td>
								<td>
									<select name=\"search_class\">
										<option".($search_class == -1 ? " selected=\"selected\"" : "")." value=\"-1\">{$lang_auctionhouse['all']}</option>
										<option".($search_class == 0 ? " selected=\"selected\"" : "")." value=\"0\">{$lang_item['consumable']}</option>
										<option".($search_class == 1 ? " selected=\"selected\"" : "")." value=\"1\">{$lang_item['bag']}</option>
										<option".($search_class == 2 ? " selected=\"selected\"" : "")." value=\"2\">{$lang_item['weapon']}</option>
										<option".($search_class == 4 ? " selected=\"selected\"" : "")." value=\"4\">{$lang_item['armor']}</option>
										<option".($search_class == 5 ? " selected=\"selected\"" : "")." value=\"5\">{$lang_item['reagent']}</option>
										<option".($search_class == 7 ? " selected=\"selected\"" : "")." value=\"7\">{$lang_item['trade_goods']}</option>
										<option".($search_class == 9 ? " selected=\"selected\"" : "")." value=\"9\">{$lang_item['recipe']}</option>
										<option".($search_class == 11 ? " selected=\"selected\"" : "")." value=\"11\">{$lang_item['quiver']}</option>
										<option".($search_class == 14 ? " selected=\"selected\"" : "")." value=\"14\">{$lang_item['permanent']}</option>
										<option".($search_class == 15 ? " selected=\"selected\"" : "")." value=\"15\">{$lang_item['misc_short']}</option>
									</select>
								</td>
								<td>
									<select name=\"search_quality\">
										<option".($search_quality == -1 ? " selected=\"selected\"" : "")." value=\"-1\">{$lang_auctionhouse['all']}</option>
										<option".($search_quality == 0 ? " selected=\"selected\"" : "")." value=\"0\">{$lang_item['poor']}</option>
										<option".($search_quality == 1 ? " selected=\"selected\"" : "")." value=\"1\">{$lang_item['common']}</option>
										<option".($search_quality == 2 ? " selected=\"selected\"" : "")." value=\"2\">{$lang_item['uncommon']}</option>
										<option".($search_quality == 3 ? " selected=\"selected\"" : "")." value=\"3\">{$lang_item['rare']}</option>
										<option".($search_quality == 4 ? " selected=\"selected\"" : "")." value=\"4\">{$lang_item['epic']}</option>
										<option".($search_quality == 5 ? " selected=\"selected\"" : "")." value=\"5\">{$lang_item['legendary']}</option>
										<option".($search_quality == 6 ? " selected=\"selected\"" : "")." value=\"6\">{$lang_item['artifact']}</option>
									</select>
								</td>
								<td>";
									makebutton($lang_global['search'], "javascript:do_submit()",80);
									$output .= "
								</td>
								<td>";
									(($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? makebutton($lang_global['back'], "javascript:window.history.back()",80) : $output .= "";
									$output .= "
								</td>
							</tr>
						</table>
					</form>
				</td>
				<td width=\"25%\" align=\"right\">";
					$output .= generate_pagination("ahstats.php?order_by=$order_by".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=".(($dir) ? 0 : 1), $all_record, $itemperpage, $start);
					$output .= "
				</td>
			</tr>
		</table>
		<table class=\"lined\">
			<tr>
				<th width=\"10%\"><a href=\"ahstats.php?order_by=itemowner&amp;start=$start".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=$dir\">".($order_by=='itemowner' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" alt=\"\" /> " : "")."{$lang_auctionhouse['seller']}</a></th>
				<th width=\"20%\"><a href=\"ahstats.php?order_by=item_template&amp;start=$start".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=$dir\">".($order_by=='item_template' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" alt=\"\" /> " : "")."{$lang_auctionhouse['item']}</a></th>
				<th width=\"15%\"><a href=\"ahstats.php?order_by=buyoutprice&amp;start=$start".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=$dir\">".($order_by=='buyoutprice' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" alt=\"\" /> " : "")."{$lang_auctionhouse['buyoutprice']}</a></th>
				<th width=\"15%\"><a href=\"ahstats.php?order_by=time&amp;start=$start".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=$dir\">".($order_by=='time' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" alt=\"\" /> " : "")."{$lang_auctionhouse['timeleft']}</a></th>
				<th width=\"10%\"><a href=\"ahstats.php?order_by=buyguid&amp;start=$start".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=$dir\">".($order_by=='buyguid' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" alt=\"\" /> " : "")."{$lang_auctionhouse['buyer']}</a></th>
				<th width=\"15%\"><a href=\"ahstats.php?order_by=lastbid&amp;start=$start".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=$dir\">".($order_by=='lastbid' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" alt=\"\" /> " : "")."{$lang_auctionhouse['lastbid']}</a></th>
				<th width=\"15%\"><a href=\"ahstats.php?order_by=startbid&amp;start=$start".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=$dir\">".($order_by=='startbid' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" alt=\"\" /> " : "")."{$lang_auctionhouse['firstbid']}</a></th>
			</tr>";

		global $mmfpm_db, $world_db;
		$sqlm = new SQL;
		$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
		$sqlw = new SQL;
		$sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

		while ($rows = $sqlc->fetch_row($result))
		{
			$output .= "
			<tr>";
			foreach($rows as $row => $value)
				{
					switch ($row)
					{
						case 4:
							$value = ($value >= 0)? (floor($value / 86400).$lang_auctionhouse['dayshortcut']." ". floor(($value % 86400)/3600).$lang_auctionhouse['hourshortcut']." ".floor((($value % 86400)%3600)/60).$lang_auctionhouse['mnshortcut']) : $lang_auctionhouse['auction_over'];
							break;
						case 5:
							$value = "<b>".((!empty($rows[10])) ? "<font color=".$sidecolor[$rows[10]].">".htmlentities($value, ENT_QUOTES, 'UTF-8')."</font>" : "N/A")."</b>";
							break;
						case 7:
						case 6:
						case 3:
							$g = floor($value/10000);
							$value -= $g*10000;
							$s = floor($value/100);
							$value -= $s*100;
							$c = $value;
							$value = $g."<img src=\"./img/gold.gif\" alt=\"\" /> ".$s."<img src=\"./img/silver.gif\" alt=\"\" /> ".$c."<img src=\"./img/copper.gif\" alt=\"\" /> ";
							break;
						case 2:
							$value = "<a href=\"$item_datasite$rows[1]\" target=\"_blank\" onmouseover=\"toolTip,'item_tooltip'\"><img src=\"".get_item_icon($rows[1], $sqlm, $sqlw)."\" class=\"".get_item_border($rows[1], $sqlw)."\" alt=\"$value\" /><br/>$value".(($rows[8]>1) ? " (x$rows[8])" : "")."</a>";
							break;
						case 0:
							$value = "<b>".((!empty($rows[9])) ? "<font color=".$sidecolor[$rows[9]].">".htmlentities($value, ENT_QUOTES, 'UTF-8')."</font>" : "N/A")."</b>";
							break;
					}
					if (!in_array($row,$hiddencols))
					$output .= "
						<td>
							<center>
							".$value."
							</center>
						</td>";
				}
				$output .= "
				</tr>";
		}
		$output .= "
		<tr>
			<td  colspan=\"7\" class=\"hidden\" align=\"right\" width=\"25%\">";
			$output .= generate_pagination("ahstats.php?order_by=$order_by".( (($search_by && $search_value) || ($search_class != -1) || ($search_quality != -1)) ? "&amp;search_by=$search_by&amp;search_value=$search_value&amp;search_quality=$search_quality&amp;search_class=$search_class&amp;error=2" : "" )."&amp;dir=".(($dir) ? 0 : 1), $all_record, $itemperpage, $start);
			$output .= "
			</td>
		</tr>
		<tr>
			<td colspan=\"7\" class=\"hidden\" align=\"right\">{$lang_auctionhouse['total_auctions']} : $all_record
			</td>
		</tr>
	</table>
</center>";
}
//#############################################################################
// MAIN
//#############################################################################
$err = (isset($_GET['error'])) ? $_GET['error'] : NULL;

$output .= "
<div class=\"top\">";

$lang_auctionhouse = lang_auctionhouse();

switch ($err)
{
	case 1:
		$output .= "
		<h1><font class=\"error\">{$lang_global['empty_fields']}</font></h1>";
		break;
	case 2:
		$output .= "
		<h1><font class=\"error\">{$lang_auctionhouse['search_results']}</font></h1>";
		break;
	default:
		$output .= "
		<h1>{$lang_auctionhouse['auctionhouse']}</h1>";
}

unset($err);

$output .= "
</div>";
$action = (isset($_GET['action'])) ? $_GET['action'] : NULL;

switch ($action)
{
	case "unknown":
		break;
	default:
		browse_auctions($sqlr, $sqlc);
}

unset($action);
unset($action_permission);
unset($lang_auctionhouse);
require_once("footer.php");

?>
